Skip to content

Commit

Permalink
[caclmgrd] remove default DROP rule on FORWARD chain (#5034)
Browse files Browse the repository at this point in the history
  • Loading branch information
jleveque authored Jul 24, 2020
1 parent 55d3ecd commit 1587889
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions files/image_config/caclmgrd/caclmgrd
Original file line number Diff line number Diff line change
Expand Up @@ -378,9 +378,7 @@ class ControlPlaneAclManager(object):
# add iptables/ip6tables commands to drop all other incoming packets
if num_ctrl_plane_acl_rules > 0:
iptables_cmds.append("iptables -A INPUT -j DROP")
iptables_cmds.append("iptables -A FORWARD -j DROP")
iptables_cmds.append("ip6tables -A INPUT -j DROP")
iptables_cmds.append("ip6tables -A FORWARD -j DROP")

return iptables_cmds

Expand Down

0 comments on commit 1587889

Please sign in to comment.